Jrn5151

**Name of the Vulnerable Software and Affected Versions** Dotstore Fraud Prevention For Woocommerce versions through 2.3.3 **Description** An authorization issue exists in Dotstore Fraud Prevention For Woocommerce due to incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update Dotstore Fraud Prevention For Woocommerce to a version later than 2.3.3.

**Name of the Vulnerable Software and Affected Versions** ThemeHunk Gutenberg Blocks versions through 1.2.8 **Description** A flaw exists in ThemeHunk Gutenberg Blocks that allows for Reflected Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by users. The affected API endpoints and vulnerable parameters were not specified. **Recommendations** Update ThemeHunk Gutenberg Blocks to a version later than 1.2.8.

**Name of the Vulnerable Software and Affected Versions** Dotstore Fraud Prevention For Woocommerce versions n/a through 2.3.1 **Description** A flaw exists in Dotstore Fraud Prevention For Woocommerce that allows retrieval of embedded sensitive data, potentially exposing system information to unauthorized parties. **Recommendations** Update Dotstore Fraud Prevention For Woocommerce to a version newer than 2.3.1.

**Name of the Vulnerable Software and Affected Versions** Curator.Io versions through 1.9.5 **Description** A flaw exists in Curator.Io that allows for Stored Cross-site Scripting (XSS). This issue involves improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Curator.Io to a version later than 1.9.5.

**Name of the Vulnerable Software and Affected Versions** Audiomack versions through 1.4.8 **Description** Audiomack is susceptible to a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. The issue involves the potential for malicious scripts to be stored and executed within the application, potentially impacting users who interact with the affected content. The API endpoint and vulnerable parameters are not specified. **Recommendations** Update Audiomack to a version later than 1.4.8.

**Name of the Vulnerable Software and Affected Versions** Mobile Builder versions through 1.4.2 **Description** Mobile Builder is susceptible to an authentication bypass, allowing authentication abuse. This allows attackers to gain full control without valid credentials. The issue concerns a completely broken authentication mechanism within the WordPress Mobile Builder plugin, enabling trivial remote access. **Recommendations** Update Mobile Builder to a version later than 1.4.2.

**Name of the Vulnerable Software and Affected Versions** 6Storage versions prior to 2.20.0 **Description** A Server-Side Request Forgery (SSRF) vulnerability exists in 6Storage Rentals. This issue allows for Server Side Request Forgery. **Recommendations** Update 6Storage to version 2.20.0 or later.